5eb97eaf6a5424a54d04afd9ce9002142b55cb2523bde6d122325fc78e2baa70

Analysis

max time kernel
2616083s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5eb97eaf6a5424a54d04afd9ce9002142b55cb2523bde6d122325fc78e2baa70.apk
Size

6.8MB
MD5

303b01f895ec5d6d58480449740c4ea3
SHA1

c0b8bff2fb0166f01c310bb928a0e253bb116f2b
SHA256

5eb97eaf6a5424a54d04afd9ce9002142b55cb2523bde6d122325fc78e2baa70
SHA512

f6825ddc7bc78eeccd224d0e403d11db0a75a9587079f41212f6b1c83e5e58d1332fa46b8009f8f6025c119c15ebaa26791a9058bb4d5a772b6c786096eb802d
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bS:GrsOtM2uxMGwJCFFZ+/jqguPj

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4254

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285
- /system/bin/sh
  2⤵
  PID:4396
- cat /proc/version
  2⤵
  PID:4489

com.qihoo.appstore:critical
1⤵
PID:4416

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4470

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
4643141d87da2f48f8165b986346dc29

SHA1
1ce0eaba2b142aaa1a0ea3dee8e944213a8ea506

SHA256
34347484df6bddf313be52a1d043d538d510779aecfd38f2612adb0143a92463

SHA512
1cd9821fa7f86c278318c81a9200bb6ce97293db55498165d2a45937a11eb29b2f889dcc71dbe684903138446c4a1344b251d62e44ef740d3913673c080cf987

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
6994d6d2f7239ef1fe1ad0afd3ce0912

SHA1
318352a6585270180065f5c2eaccc1da5688e6d8

SHA256
a848e3abba566739af7d1ca4651506d2d57c443cfaaadbce003175db40ad88c0

SHA512
eff9a609ec13782ce6136ac62e15da4b1833f61f7a26dab0ae935bff57af952bb77bdd692766e52c791d537fdcffa56c3e9c26443c196272e0725bf6f58c1169

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
1bb71081dfc720a54175616cdacc35a6

SHA1
1a1977fa73d5e950e6b179641bf8cd4993dceb7c

SHA256
98e988655c8e5adf4a2013c171b943690e4e4f4f1946d5b2732f06c06498ce64

SHA512
beeb6e1bfe0d660d94a9ffbd199d53b0f79bbd6478ffc2f56c5f96db63d9df394adbfb6de48a479637a0d14b1d8e3b0395844f0660bd3d6515923b822392078b

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
32KB

MD5
2e827b47d3a0f7ff556aa9098ff560d2

SHA1
f65648bae55ad59f43a9701ce04e12528e2fbc30

SHA256
8ac98f8dd6837d399d4c19989915fe8202f2d7a9f87cb8b30675339f764b6a27

SHA512
0e598abfc554f5ea8a54c5029eea29dc68781455f255b716b8122e8c0da05867d7af32757acc453da52318dbc050e78e288adef47e7206434cc80852c3035c07

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
37a814a8da8d8ac2b9cfb5fd4ef556a2

SHA1
f0005a77b8c7828bfaa5bd3ee61408aa87da5ead

SHA256
c93d01aebfac1d06e0b887c61fb6e276a6cb0b0237d85622c3990cea9bbb8820

SHA512
c7850669ecd0c9ccb478f3c25ee11f89cdfac3b6f8ff2886390bd0f252acb1464192c7c8487fa7aae57f08c787454a2ad3e778284610c52a8dbc95c057eb4203

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
32KB

MD5
cf94b10eb774866d97364ef404735644

SHA1
7595022da08e0bcc599d9279e40d72b7f6df887e

SHA256
b9a312a6ab72147fcd2cbc60d5bb5aff8172af1ed002d1cd81286a1386ed12f5

SHA512
787136158c05cc0668039258ef09e8bbaf892cacdf42cfc789f57dfe28707c0912e64bf2daae00786a2538a878296b48da52f074a5391349a85109b1739f93f1

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
dfe46349eafdf4ee4a0170916b0efea2

SHA1
3f2b8427e65cc6b23707c543477078581366c361

SHA256
d6aa96a95d3946f1ecdfafe7e1deef2b5dcdabb0d258e05cc579518825054b74

SHA512
be4cb3d05ed7bc386194a85e948c58b8695c3d1e3837f6a8e782363d203c4b66a5e1fb3367d625b72053ca6912b0d4e24373a005238ed77fa5e7d5dff11d9aa9

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
fbb348a3e450d1d7e71caa1e2505c743

SHA1
9e7f4207d2174175dcabdf8011e8518e02b33de8

SHA256
dd2c6bffcfb1ca746cd3b49cccdaf8f3d9b22de745e6c4b50871a4533955b58e

SHA512
b832c6baff3de160fbf4e08326209f696fef734f1540d9c32d3ff5249670511347cfc57955234f85affb2640ddb30c4d2188b7d627cd9bfd1bc2b7f8bccba38a

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
500B

MD5
e71f40b94f0760e744ebd633f6087ec4

SHA1
d570309d922bcb80f52c32caa156e96b38a5dd5d

SHA256
ff8a854228a154a957b6ee714e6e3766d8f4c513bb230f4cc0720b59ccbd07f8

SHA512
946232abcd8832f38be138626fae8396ae8e8fa5642fe1ea0edd3ced573aa0b9474998c32eb3caf5556f4c0eea9f15ab667994aa69cf9e389c41896d97dde1d0

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
6c4921f53db3b216c8f3be60cae55f69

SHA1
1b581af744f9b5c3bdf67e246b36fe27e1ca0737

SHA256
f1a10aa5f5ffd2c5e6f9dafaa9be3aa71a50d03b28eb5ac13b9589555389775c

SHA512
c2cb1709117c5f7ce3ae0e29d85ca1140d6f6e3cb3d21b3e5525febfa9873eb2eecdd880ba7b3a70dd9a555a321bf38bd09f5e2133c213a06025da81e31baeb7

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
189ab11b0c8038409a464af4705aa0cf

SHA1
88e4645fe23820015243994493227bc804073431

SHA256
5c94a4bacb48407b25e5d6b1ffd93711cc49458af54a6affa446877fdca5d94b

SHA512
987e542722b0dff5e2c2ef0b473868c2cdc6dae7056fa4cce30565bdb45c58d549a7cfee3a77655e675917563f870cc50f3df1243230245be86650b80c65098e

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
624B

MD5
4b5ae9cd02a711101f675e76a1e15ebc

SHA1
7710f9f8f61c0f558da9c5f448626a29258b885e

SHA256
b0e85415c2cad2477c0c790d9b5f92f5caf0138aa18135b16da989fcda09530e

SHA512
e8fe06031cff208953ceccb0e810e9c6067ad5288bdbd495f7830cd99371f60878cd1097a2a666588304f92a95b4a6e8baa45c9644c64b1413ba82db6c1de700

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
32KB

MD5
e9376ad8875f7b68fdaa12df0315fd33

SHA1
8f8b5318b0bcacbb1c46a02d8fe3bd916e3698ab

SHA256
69210c63f6f53100f741707a327d7f923dd74c27ab4043c29ebd10f360ec568f

SHA512
c0444667b38341e05af202c926239321c5bd7629c9702e10ab8f3193a04ebdda10800d28c3c8f5d0a47a678ce51ef361fa7c8fff01e1b22ac66b2984fea3b8c5

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4254/finalcore.jar

Filesize
77KB

MD5
c14c8a2f5d3a7c47eb2ca8c1b6e69adb

SHA1
4e57b3c0f34427aba8a5be40c2e9b627172a89c8

SHA256
7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

SHA512
2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

Download Submit